Virus Alert! Klez worm attacks anti-virus programs!
Virus Alert! New Klez worm attacks anti-virus programs!
This question was answered on April 17, 2002. Much of the information contained herein may have changed since posting.A new variation of the Klez worm is in wide distribution
The worm has its own e-mail engine for mass mailing itself to others and has modified code that let it get past and disable many popular anti-virus programs In addition, because it can also spread to shared drives on local area networks or LANs, entire corporate networks can become infected by a single computer on the LAN.
WHAT IT DOES...
The worm arrives in an e-mail message with an attachment that, in many cases, doesn't need the recipient to open it in order to run Instead, it takes advantage of a year-old vulnerability in Microsoft Outlook, known as the Automatic Execution of Embedded MIME Type bug, to open itself automatically on unpatched versions of Outlook (Make sure you have the latest security patches for your Microsoft products by going to the 'Product Updates' link at >http://windowsupdate.microsoft.com</b>.)
Once activated, the worm will find any network storage available on the infected computer and copy itself to any remote disk drives using a random file name and a .EXE, .PIF, .COM, .BAT, .SCR or .RAR extension
The worm will also gather e-mail addresses by searching a host of different file types on the infected system and using its own e-mail engine, the worm will send itself to those addresses In addition, it will use the addresses to create a fake "From:" field in the e-mail message, disguising the actual source of the e-mail
Finally, the worm attempts to disable antivirus software by deleting registry keys, stopping running processes and removing virus-definition files.
WHAT TO WATCH FOR:
The worm arrives in an e-mail message with one of 120 possible subject lines and a completely random message body.
According to the Symantec AntiVirus Research Center (SARC.com), the subject line can be one of the following:
Undeliverable mail--"[Random word]"
Returned mail--"[Random word]"
a [Random word] [Random word] game
a [Random word] [Random word] tool
a [Random word] [Random word] website
a [Random word] [Random word] patch
[Random word] removal tools
how are you
let's be friends
so cool a flash,enjoy it
please try again
welcome to my hometown
the Garden of Eden
introduction on ADSL
japanese girl VS playboy
look,my beautiful girl friend
eager to see you
spice girls' vocal concert
japanese lass' sexy pictures
****The random word will be one of the following:
In order to be protected from this new strain of Klez, you must update your anti-virus programs definition file with a date of 04/17/02 or later.
WHAT TO DO IF YOU CONTRACT THIS WORM
If this worm is activated in your system, in most cases you will not be able to start your anti-virus program Once this worm has executed, it can be difficult and time consuming to remove The procedure that you must use to do this varies with the operating system
You can get step-by-step instructions from the SARC website at:<a href="http://www.sarc.com/avcenter/venc/data/[email protected]#removalinstructions" target="_blank">>http://www.sarc.com/avcenter/venc/data/[email protected]mm.html#removalinstructions</a>
Need Help with this Issue?
We help people with technology! It's what we do.
Schedule an Appointment with a location for help!
Posted by Ken of Data Doctors on April 17, 2002